Frozen Lunch-time Attack

By Erhan K

Security researchers at Princeton University discovered a cheap and easy means to steal encrypted data on a disk using only a can of compressed air. The scientists exploited a little-known (until now) vulnerability of dynamic random access memory (DRAM) chips. DRAM chips are in the class of volatile memory devices, and ostensibly they should lose their data once power is removed from the disk. Almost all RAM in desktops and laptops are of the DRAM variety. However, it turns out that when these disks are chilled to lower than room temperature levels, they temporarily keep their data. The cool part of these experiments (no pun intended) was that the developers used inexpensive cans of compressed air to freeze the data in place for later retrieval. The colder the disks stayed, the longer they kept their data. Just plug the disk back into a computer and read the contents as you please.

Both hardware solutions such as that touted by Trusted Computing Group and software solutions like FileVault on Mac OSX and Microsoft’s BitLocker in Windows Vista were affected (among others). Although both systems used AES to encrypt files, both programs left the keys in memory unencrypted, and were easily readable once their keys were frozen. Once you’ve got the security keys, reading encrypted data is a textbook operation.

Granted, this attack is only exploitable locally, but general security development should cover both remote attacks (how do we keep our credit card numbers private during online transactions?) and lunchtime attacks (how do we keep our credit card numbers private when grocery store employees have access to our account info?). These physical attacks can be circumvented by such encryption hardware and software to keep data secure, even at rest. Exploits like these, however, serve as a good reminder for security developers to stay up-to-date on third-party tools that they rely on to provide a fully secure system.

—Erhan K.